Wednesday, December 1, 2010

CLI Interactions w/SSL Enabled Website

I found it amusing that one of the major changes in the new PCI DSS 2.0 standard is the requirement that any vulnerability with a CVSS score > 4 must be remediated (6.2). It is amusing because what good does it do to require companies to perform vulnerability scanning (11.2) if remediation is not enforced, which was the case with the previous version of PCI DSS.

I digress. I am often required to confirm an identified vulnerability or validate a fix on a web server, for example checking whether TRACK/TRACE is enabled or disabled, or whether the Host header is set for name-based virtual hosts. These checks are easy to perform against a non-SSL (HTTP) web server with Telnet, but Telnet cannot be used against an SSL-enabled (HTTPS) web server.

Another alternative to installing netkit-telnet-ssl is to use Metasploit itself. Of course, Metasploit may be overkill if all you want to do is perform simple tests like the one above. On the BackTrack 4 distribution, Metasploit is installed by default.
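For the TRACE check described above, here is an added example that is not from the original post: a POSIX shell script that uses openssl s_client (present on most Linux systems, BackTrack included) in place of Telnet to send a raw request with a Host header over TLS and classify the server's answer. The hostname and port are supplied by the caller; no specific site is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): raw HTTPS requests from the
# command line with openssl s_client instead of Telnet/netkit-telnet-ssl.
# Assumes openssl is on PATH; host and port are supplied by the caller.

# Build a minimal HTTP/1.1 request. The Host header is included so that
# name-based virtual hosts answer for the intended site.
build_request() {
  method=$1; host=$2; path=${3:-/}
  printf '%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' \
    "$method" "$path" "$host"
}

# Send a TRACE request over TLS and return the raw response on stdout.
# -quiet also implies -ign_eof, so s_client keeps the connection open
# after stdin closes until the server answers and closes it.
probe_trace() {
  host=$1; port=${2:-443}
  build_request TRACE "$host" / |
    openssl s_client -quiet -connect "$host:$port" -servername "$host" 2>/dev/null
}

# Classify a raw HTTP response read from stdin. A 200 means the server
# honoured TRACE (it echoes the request back); anything else, typically
# 405 or 501, means the method is disabled.
trace_status() {
  status=$(head -n 1 | tr -d '\r' | awk '{print $2}')
  case "$status" in
    200) echo "enabled" ;;
    "")  echo "no response" ;;
    *)   echo "disabled ($status)" ;;
  esac
}

# Usage: sh check_trace.sh www.example.com [port]
if [ $# -ge 1 ]; then
  probe_trace "$1" "$2" | trace_status
fi
```

Swap TRACE for TRACK, or change the Host header value in build_request, to run the other checks the post mentions against the same server.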